The Question has been closedby
I created new module depends on Project Management, i want to add new Groups,users,rules and Access controls in security folder. I successfully added groups and users, and for some extend Access Controls.
My Question is: how to specify the access right(Read/Write/Create/Delete) for every rule?.
For example: 1.User can create/read/write tasks (ACL) 2.User can read/modify only tasks assigned to him (Rule) 3.Project managers can see all tasks in their projects (Rule)
I couldn't find a documentation for this point, any links or explanations?
Access Right This is how you can give read/write/create/delete rights in group on particular object by creating
ir.model.access.csv file. See line number 1 & 2.
Access Rules This is how you can create access rules for particular object and groups by creating xml file.
<record model="ir.rule" id="ir_values_my_costume_rule"> <field name="name">My Rule Name</field> <field name="model_id" ref="model_your_model_name"/> <field name="domain_force">[('field','operator','value'),('user_id','=',user.id)]</field> <field name="perm_read" eval="True"/> <field name="perm_write" eval="True"/> <field name="perm_unlink" eval="True"/> <field name="perm_create" eval="True"/> </record>
You must pass
model_ before model name in
<field name="model_id" ref="model_your_model_name"/> like this:
eval you can either pass
False as per you need.
Record Rules can be defined from the menu also without creating any file : Settings->Technical->Security->Record Rules.
There are three main fields that you need to configure carefully in order to define "Record Rule"
- Object: On which you want to apply record rule. (in this example it is "Task" object).
- Domain: Setup domain for filtering the data.
- Groups: Add group for which you want to apply this record rule. If nothing to add then this rule is apply globally which is usually used to configuring multi-company record rule.
I am going to explain such access rule by taking the example of "Task" object of OpenERP.
In my example, suppose my requirement is like this:
The user 'rch' can access only list of tasks of following kind...
- list of all tasks which is not assigned to any user. i.e.('user_id','=',False)
- list of all tasks Which is assigned to user 'rch'. i.e.('user_id','=',user.id)
- list of all tasks of all the project's for which he is a member of. i.e.('project_id.members','in', [user.id])
- list of all tasks of the project for which he is a project manager. i.e.('project_id.user_id','=',user.id)
Configure your record rule as follow:
- Name: Tasks According to User and Project.
- Object: Task.
- Domain: ['|','|','|',('user_id','=',False),('user_id','=',user.id),('project_id.members','in', [user.id]),('project_id.user_id','=',user.id)].
- Groups: project/User.
Now add this group (project/User) to user 'rch'.
About This Community
|Asked: 4/21/13, 7:12 AM|
|Seen: 7762 times|
|Last updated: 3/16/15, 8:10 AM|